Privacy Policy

Privacy Policy

Last updated on 24 February 2024. 

What does this Privacy and Security Policy Cover? 

Total Football Limited (referred to in this Privacy Policy as either “Total Football”, “Refsuite”, “Centre Circle”, “We”, “Us” or “Our”) respects your privacy and is committed to protecting your Personal Data. We want to be transparent with you about how we collect and use your Personal Data in making available the application and services (the “Service”) and providing our services. 

We want to make sure you know what happens to your Personal Data, what your rights are and how the law protects you. 

With that in mind, this Privacy Policy is designed to give you information on how we collect and process your personal data through the Service, including any data you may provide through the Service when you sign up as a user or customer.

The Privacy Policy is intended to meet our duties of Transparency. The protection of the personal data and the protection of the personal and financial information of our clients are our top priority. That is why we process your information exclusively on the basis of the applicable legislation, including the GDPR and the Data Protection Act 2018. 

Who we are and how to contact us 

Total Football Limited, a company incorporated and registered in England with company number 11906184 and whose registered office is at Ashbury Works, Gorton Road, Manchester, England, M12 5AD, is the Controller of your Personal Data. You can contact us directly with any privacy-related queries or complaints on our support email: dataprotection@centrecircleapp.com . 

Your rights relating to your Personal Data 

Under certain circumstances, by law, you have the right to:

  • Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. 

  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 

  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it, unless the processing is necessary for at least one of the following purposes: 


  • exercising the right of freedom of expression and information; 

  • for compliance with a legal obligation which requires processing by law to which Total Football and/or its processors are subject; 

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or 

  • establishing, exercising or defending legal claims. 


  • Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:  


  • if you want us to establish the data's accuracy;

  • where our use of the data is unlawful but you do not want us to erase it;

  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; and

  • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.  


  • Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. 


Children under 13 years old

If you are under 13 years of age, your legal guardian will need to provide consent on your behalf that Total Football can collect, store and share your Personal Data in accordance with this Privacy Policy. 

Changes to the Privacy Policy and your duty to inform us of changes 

We keep our Privacy Policy under regular review. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 

Third-party links 

This Service may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites or application and are not responsible for their privacy statements. When you leave our Service, we encourage you to read the Privacy Policy of every website or application you visit. 

How to exercise your rights 

If you want to exercise any of the rights described above, please contact us at dataprotection@centrecircleapp.com . Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights outlined above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may simply refuse to comply with your request in these circumstances. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). 

How long do we typically take to resolve requests? 

We try to respond to all legitimate requests within 30 business days. It may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

Complaints 

If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us:  dataprotection@centrecircleapp.com

We will reply to your complaint as soon as we can. 

If you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns (please note we can’t be responsible for the content of external websites). 

Marketing communications preferences 

You can ask us to stop sending you marketing messages at any time by: 

  • following the “Unsubscribe” links on any marketing message sent to you by Total Football or the Service; and/or 

  • contacting us at any time at support@centrecircleapp.com 


Where you opt-out of receiving these marketing messages, this opt-out will not apply to service-related communications (and any processing of your Personal Data involved in sending such communications). As a non-exhaustive list of what these service-related communications may include, they might be emails or notifications:

  • about services you subscribe to using the Service; 

  • messages that are part of the Service, such as notifying you of upcoming fixtures or changes to fixtures;

  • relating to the management of your account on the Service; 

  • concerning league, County or National Football Association operations;

  • about your use of the Service. 

  • concerning updates to this Privacy Policy or our Terms & Conditions etc. 

What Personal Data we collect 

All the Personal Data we collect, both from you and from third parties about you, is outlined below. 

The services we provide you with require the processing of your personal data by us as controller, subject to the terms and requirements for the measure for personal data protection under GDPR. 

Personal data does not include anonymous or aggregated data (i.e. information where the identity of the individual has been permanently removed). However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e. information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person). 

The types of personal data we may collect include the following:

  • Identity Data 

Your full name, your signature (when you sign for an order or to confirm collection of a return); title; date of birth; gender; FAN number; and FA registration number.

  • Contact Data 

Your home address, shipping address, billing address, postcode, email address and telephone numbers. 

  • Services Data

Information we collect through your use of the Service, including matches you are attending and have attended, quiz responses, meeting attendance and data about those matches and your performance. This is a non-exhaustive list.

  • Financial Data 

Your bank account and payment card details, including your bank account number, sort code, IBAN, BIC, and bank address. Payment card details will be collected directly by our Payment Processor and we won’t receive them. However, in certain limited cases, we may receive bank account details in the context of administering refunds. 

  • Transaction Data  

Your details about payments to and from you and other details of services you have purchased from us. 

  • Social Media Data 

The profile picture, email address and first and last name associated with your social media profile. 

  • Marketing and Communications Data 

Your preferences concerning receiving marketing from us and your communication preferences. 

  • Behavioural Data 

Inferred or assumed information relating to your behaviour and interests, based on your online activity. This is typically aggregated and grouped into “segments” 

  • Technical Data 

Internet protocol (IP) address, data about log-ins (e.g., the time when a log-in occurs), browser type and version, time zone setting and city-level location (inferred from your IP address), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Service or use our services. 

  • Profile Data  

Your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.   

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate personal data to understand and improve our Service. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. 

How your personal data is collected 

We use different methods to collect data from and about you including through: 

  • You may give us information about yourself by interacting with our Service, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: 

  • apply for the services made available on our Service; 

  • create an account on our Service; 

  • use our Service, including inputting personal data to its functionality;

  • request marketing to be sent to you; 

  • responses to quizzes or meetings;

  • enter a competition, promotion or survey; or 

  • give us feedback or contact us.  

  • As you interact with our Service, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.  Please see our cookie policy for further details. 

  • We will receive personal data about you from various third parties and public sources, such as from local or national associations, organisations including leagues, tournaments, and academies or organisations that operate matches you attend.

  • Technical data from the following parties: 

  • analytics providers;  

  • advertising networks; and 

  • search information providers. 

  • Contact, Financial and Transaction Data from providers of technical and payment services. 

  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

How we use your Personal Data and why 

We will only use your Personal Data for the purposes for which we collected it as listed below unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. 

If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so. 

What is our “legal basis” for processing your Personal Data? 

In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases: 

  • Where we need to perform a contract we are about to enter into or have entered into with you (“Contractual Necessity”). 

  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Data for is set out in the table below. 

  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”). 

We have set out below the uses we make of your personal data and the legal bases we rely on in respect of such uses. 

• To provide the Services 

This processing is necessary to perform the contract governing our provision of the Service to you, including: 

  • managing subscriptions on the Service, and providing access to the Service and its functionality;

  • passing your information to other users, football clubs, club secretaries, organisations and associations;

  • providing customer support;

  • setting up and managing your account on the Service; and

  • providing any other elements of the Service to you. 


We carry out this processing on the following legal bases: 

  • Contractual Necessity. 

  • Legitimate interests – we have a legitimate interest in processing the Personal Data for the purposes of performing the agreement we made with you and for the functioning of the Service, particularly in relation to the capture of statistics. 


  • Saying sorry 

If something goes wrong with your use of the Service, we may want to contact you to say 'sorry'. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. We have a legitimate interest in trying to maintain a good relationship with you in the event that something goes wrong with your use of the Service


  • Insights 

We record a small percentage of users’ interactions on the Service to identify issues with the user journeys to ensure the quality of service. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. It is in our legitimate interests that we are able to monitor certain user journeys to ensure that we can develop and improve the features and functionalities of our Service.


  1. Aggregated Data creation 

We may also create, use and share “Aggregated Data” (such as statistical or demographic data) for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data for the purposes of the GDPR as this data does not directly or indirectly reveal your identity. For example, we may aggregate Technical Data and Behavioural Data to calculate the percentage of users accessing a specific Service feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data that will be used in accordance with this Privacy Policy. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. We have a legitimate interest in creating Aggregated Data to use and share for our own business purposes. 


  1. Compliance, fraud prevention and safety 

We use your Personal Data as we believe it is necessary or appropriate to: 

  • enforce the terms and conditions that govern the use of the Service; 

  • protect our rights, privacy, safety or property, and/or that of you or others; 

  • protect, investigate and deter against fraudulent, harmful, unauthorised, unethical or illegal activity. 

We carry out this processing on the following legal bases: 

  • Compliance with Law – this will be the case where we have to carry out any of these processing activities in order to comply with a legal or regulatory obligation. 

  • Legitimate Interests – it is in our legitimate interests to be able to take appropriate steps to ensure that our services are legally compliant, free of fraud and safe for you, us and our businesses to use. 


  • Troubleshooting 

To track technical issues that might be occurring on our Service or relating to our services. 

We carry out this processing on the following legal bases: 

  • Legitimate Interests – it is in the legitimate interests that we are able to monitor and ensure the proper operation of our Service and associated systems and services. 


  • Security 

To keep our Service, together with associated services and systems, operational and secure. 

We carry out this processing on the following legal bases: 

  • Legitimate Interests. We have a legitimate interest in ensuring the ongoing security and proper operation of our Service, together with associated IT services and networks. This may include ensuring that we are protected from automated spamming, crawling, scraping, denial-of-service attacks and similar operations.


  • Marketing 

We use this information to prepare and send you electronic marketing communications relating to services that we think you might be interested in. 

We carry out this processing on the following legal bases: 

  • Consent – if you have subscribed to our mailing list, you have provided consent to us sending you marketing communications. You have the right to opt-out of such marketing at any time. 

  • Legitimate Interest – if you provided your email address in the course of signing up to our service or purchasing any services, we may send you marketing communications about similar services unless you have opted-out of receiving them. We do this on the basis that it is in our legitimate interests to do so. You have the right to opt-out of such marketing at any time. 

  • Legitimate Interest – we have a legitimate interest in collecting and using information about your engagement with our marketing emails (e.g., whether you open and/or forward those emails) to make sure that the offers that we inform you of are relevant to you. 

What happens if you do not provide the necessary Personal Data 

Where you fail to provide Personal Data that we need to process based on Contractual Necessity or for the purposes of Compliance with Law, we may not be able to perform the contract we have or are trying to enter into with you (for example, we may not be able to open your account or we may have to close your account).

Personal Data from Third Party Sources 

In addition to the Personal Data that we collect directly from you (as described in the section immediately above this one), we can also collect certain of your Personal Data from third party sources. These sources are broken down in the list below, together with a description of whether they are publicly available or not. 

  • Clubs, associations and organisations, and other users of the Service

  • Social Media sites 

  • Analytics Providers 

  • Advertising technology providers 

Who we share your Personal Data with

The list below describes who we share your Personal Data with, what we share and why we share it. 

  • Football clubs

So that you and other users can use the Service's functions properly, such as gaining access to the referee pools and referee performance analysis and benefiting from the Service’s automation and notification functions and integration features for time savings as well as fixture information and management and confirmation and availability calendars and so that users can use the Service’s functions to enable communication between football clubs and referees.

  • Other users of the Service

So that you and other users can use the Service’s functions properly, such as gaining access to the referee pools and referee performance analysis and benefiting from the Service’s automation and notification functions and integration features for time savings as well as fixture information and management and confirmation and availability calendars and so that users can use the Service's functions to enable communication between its users.

  • Football Associations (including County FAs) and organisations

So that the Service can interact properly with fixtures and other information provided by the third parties, and to ensure that it complies with obligations to the Football Association relating to the sharing of personal data and so County FAs can confirm guardian relationships to children. 

  • Advertising technology providers 

Advertising technology and analytics providers collect this Personal Data via this Service and via our marketing emails so that they can make sure that you see the most relevant content based on how you interact with the Service, other pages on the internet, and our marketing emails. 

  • Our payment processors 

We engage third parties to process your payments for products and services purchased via the Service. 

  • Our Hosting Provider 

We outsource the hosting of the Service. This means that all categories of Personal Data that we process will be held and stored on the servers of our hosted service provider within the EEA. 

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets 

We may disclose Personal Data to third parties to whom we may choose to sell, transfer, or merge all or any parts of our business or our assets. If we undergo a change like this to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy. 

  • Third parties for the purposes of developing and improving the software or carrying out security checks

We may disclose Personal Data to third parties based in the UK with whom we may engage to improve our software, IT and system administration services.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

How we keep your data secure 

The data we collect from you shall be stored within the UK. Total Football has implemented a range of technical and organisational measures for protection of your personal data against loss or other forms of unlawful processing. The personal data are accessible only to those persons who need access in order to perform their work in connection with the fulfilment of our Service. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.  

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

How long we store your Personal Data 

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

After you first input your personal data into the Service, your personal data may be stored for a period of at least 7 years from such personal data being obtained.

Cookies 

You can refuse all or some cookies. If you disable or refuse cookies, please note that some parts of this Service may become inaccessible or not function properly. For more information about the cookies we use, please see refsuite.co.uk/pages/cookie-policy . 

Change of purpose  

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.  

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

Last updated on 24 February 2024. 

What does this Privacy and Security Policy Cover? 

Total Football Limited (referred to in this Privacy Policy as either “Total Football”, “Refsuite”, “Centre Circle”, “We”, “Us” or “Our”) respects your privacy and is committed to protecting your Personal Data. We want to be transparent with you about how we collect and use your Personal Data in making available the application and services (the “Service”) and providing our services. 

We want to make sure you know what happens to your Personal Data, what your rights are and how the law protects you. 

With that in mind, this Privacy Policy is designed to give you information on how we collect and process your personal data through the Service, including any data you may provide through the Service when you sign up as a user or customer.

The Privacy Policy is intended to meet our duties of Transparency. The protection of the personal data and the protection of the personal and financial information of our clients are our top priority. That is why we process your information exclusively on the basis of the applicable legislation, including the GDPR and the Data Protection Act 2018. 

Who we are and how to contact us 

Total Football Limited, a company incorporated and registered in England with company number 11906184 and whose registered office is at Ashbury Works, Gorton Road, Manchester, England, M12 5AD, is the Controller of your Personal Data. You can contact us directly with any privacy-related queries or complaints on our support email: dataprotection@centrecircleapp.com . 

Your rights relating to your Personal Data 

Under certain circumstances, by law, you have the right to:

  • Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. 

  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 

  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it, unless the processing is necessary for at least one of the following purposes: 


  • exercising the right of freedom of expression and information; 

  • for compliance with a legal obligation which requires processing by law to which Total Football and/or its processors are subject; 

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or 

  • establishing, exercising or defending legal claims. 


  • Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:  


  • if you want us to establish the data's accuracy;

  • where our use of the data is unlawful but you do not want us to erase it;

  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; and

  • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.  


  • Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. 


Children under 13 years old

If you are under 13 years of age, your legal guardian will need to provide consent on your behalf that Total Football can collect, store and share your Personal Data in accordance with this Privacy Policy. 

Changes to the Privacy Policy and your duty to inform us of changes 

We keep our Privacy Policy under regular review. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 

Third-party links 

This Service may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites or application and are not responsible for their privacy statements. When you leave our Service, we encourage you to read the Privacy Policy of every website or application you visit. 

How to exercise your rights 

If you want to exercise any of the rights described above, please contact us at dataprotection@centrecircleapp.com . Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights outlined above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may simply refuse to comply with your request in these circumstances. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). 

How long do we typically take to resolve requests? 

We try to respond to all legitimate requests within 30 business days. It may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

Complaints 

If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us:  dataprotection@centrecircleapp.com

We will reply to your complaint as soon as we can. 

If you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns (please note we can’t be responsible for the content of external websites). 

Marketing communications preferences 

You can ask us to stop sending you marketing messages at any time by: 

  • following the “Unsubscribe” links on any marketing message sent to you by Total Football or the Service; and/or 

  • contacting us at any time at support@centrecircleapp.com 


Where you opt-out of receiving these marketing messages, this opt-out will not apply to service-related communications (and any processing of your Personal Data involved in sending such communications). As a non-exhaustive list of what these service-related communications may include, they might be emails or notifications:

  • about services you subscribe to using the Service; 

  • messages that are part of the Service, such as notifying you of upcoming fixtures or changes to fixtures;

  • relating to the management of your account on the Service; 

  • concerning league, County or National Football Association operations;

  • about your use of the Service. 

  • concerning updates to this Privacy Policy or our Terms & Conditions etc. 

What Personal Data we collect 

All the Personal Data we collect, both from you and from third parties about you, is outlined below. 

The services we provide you with require the processing of your personal data by us as controller, subject to the terms and requirements for the measure for personal data protection under GDPR. 

Personal data does not include anonymous or aggregated data (i.e. information where the identity of the individual has been permanently removed). However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e. information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person). 

The types of personal data we may collect include the following:

  • Identity Data 

Your full name, your signature (when you sign for an order or to confirm collection of a return); title; date of birth; gender; FAN number; and FA registration number.

  • Contact Data 

Your home address, shipping address, billing address, postcode, email address and telephone numbers. 

  • Services Data

Information we collect through your use of the Service, including matches you are attending and have attended, quiz responses, meeting attendance and data about those matches and your performance. This is a non-exhaustive list.

  • Financial Data 

Your bank account and payment card details, including your bank account number, sort code, IBAN, BIC, and bank address. Payment card details will be collected directly by our Payment Processor and we won’t receive them. However, in certain limited cases, we may receive bank account details in the context of administering refunds. 

  • Transaction Data  

Your details about payments to and from you and other details of services you have purchased from us. 

  • Social Media Data 

The profile picture, email address and first and last name associated with your social media profile. 

  • Marketing and Communications Data 

Your preferences concerning receiving marketing from us and your communication preferences. 

  • Behavioural Data 

Inferred or assumed information relating to your behaviour and interests, based on your online activity. This is typically aggregated and grouped into “segments” 

  • Technical Data 

Internet protocol (IP) address, data about log-ins (e.g., the time when a log-in occurs), browser type and version, time zone setting and city-level location (inferred from your IP address), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Service or use our services. 

  • Profile Data  

Your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.   

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate personal data to understand and improve our Service. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. 

How your personal data is collected 

We use different methods to collect data from and about you including through: 

  • You may give us information about yourself by interacting with our Service, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: 

  • apply for the services made available on our Service; 

  • create an account on our Service; 

  • use our Service, including inputting personal data to its functionality;

  • request marketing to be sent to you; 

  • responses to quizzes or meetings;

  • enter a competition, promotion or survey; or 

  • give us feedback or contact us.  

  • As you interact with our Service, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.  Please see our cookie policy for further details. 

  • We will receive personal data about you from various third parties and public sources, such as from local or national associations, organisations including leagues, tournaments, and academies or organisations that operate matches you attend.

  • Technical data from the following parties: 

  • analytics providers;  

  • advertising networks; and 

  • search information providers. 

  • Contact, Financial and Transaction Data from providers of technical and payment services. 

  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

How we use your Personal Data and why 

We will only use your Personal Data for the purposes for which we collected it as listed below unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. 

If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so. 

What is our “legal basis” for processing your Personal Data? 

In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases: 

  • Where we need to perform a contract we are about to enter into or have entered into with you (“Contractual Necessity”). 

  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Data for is set out in the table below. 

  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”). 

We have set out below the uses we make of your personal data and the legal bases we rely on in respect of such uses. 

• To provide the Services 

This processing is necessary to perform the contract governing our provision of the Service to you, including: 

  • managing subscriptions on the Service, and providing access to the Service and its functionality;

  • passing your information to other users, football clubs, club secretaries, organisations and associations;

  • providing customer support;

  • setting up and managing your account on the Service; and

  • providing any other elements of the Service to you. 


We carry out this processing on the following legal bases: 

  • Contractual Necessity. 

  • Legitimate interests – we have a legitimate interest in processing the Personal Data for the purposes of performing the agreement we made with you and for the functioning of the Service, particularly in relation to the capture of statistics. 


  • Saying sorry 

If something goes wrong with your use of the Service, we may want to contact you to say 'sorry'. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. We have a legitimate interest in trying to maintain a good relationship with you in the event that something goes wrong with your use of the Service


  • Insights 

We record a small percentage of users’ interactions on the Service to identify issues with the user journeys to ensure the quality of service. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. It is in our legitimate interests that we are able to monitor certain user journeys to ensure that we can develop and improve the features and functionalities of our Service.


  1. Aggregated Data creation 

We may also create, use and share “Aggregated Data” (such as statistical or demographic data) for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data for the purposes of the GDPR as this data does not directly or indirectly reveal your identity. For example, we may aggregate Technical Data and Behavioural Data to calculate the percentage of users accessing a specific Service feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data that will be used in accordance with this Privacy Policy. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. We have a legitimate interest in creating Aggregated Data to use and share for our own business purposes. 


  1. Compliance, fraud prevention and safety 

We use your Personal Data as we believe it is necessary or appropriate to: 

  • enforce the terms and conditions that govern the use of the Service; 

  • protect our rights, privacy, safety or property, and/or that of you or others; 

  • protect, investigate and deter against fraudulent, harmful, unauthorised, unethical or illegal activity. 

We carry out this processing on the following legal bases: 

  • Compliance with Law – this will be the case where we have to carry out any of these processing activities in order to comply with a legal or regulatory obligation. 

  • Legitimate Interests – it is in our legitimate interests to be able to take appropriate steps to ensure that our services are legally compliant, free of fraud and safe for you, us and our businesses to use. 


  • Troubleshooting 

To track technical issues that might be occurring on our Service or relating to our services. 

We carry out this processing on the following legal bases: 

  • Legitimate Interests – it is in the legitimate interests that we are able to monitor and ensure the proper operation of our Service and associated systems and services. 


  • Security 

To keep our Service, together with associated services and systems, operational and secure. 

We carry out this processing on the following legal bases: 

  • Legitimate Interests. We have a legitimate interest in ensuring the ongoing security and proper operation of our Service, together with associated IT services and networks. This may include ensuring that we are protected from automated spamming, crawling, scraping, denial-of-service attacks and similar operations.


  • Marketing 

We use this information to prepare and send you electronic marketing communications relating to services that we think you might be interested in. 

We carry out this processing on the following legal bases: 

  • Consent – if you have subscribed to our mailing list, you have provided consent to us sending you marketing communications. You have the right to opt-out of such marketing at any time. 

  • Legitimate Interest – if you provided your email address in the course of signing up to our service or purchasing any services, we may send you marketing communications about similar services unless you have opted-out of receiving them. We do this on the basis that it is in our legitimate interests to do so. You have the right to opt-out of such marketing at any time. 

  • Legitimate Interest – we have a legitimate interest in collecting and using information about your engagement with our marketing emails (e.g., whether you open and/or forward those emails) to make sure that the offers that we inform you of are relevant to you. 

What happens if you do not provide the necessary Personal Data 

Where you fail to provide Personal Data that we need to process based on Contractual Necessity or for the purposes of Compliance with Law, we may not be able to perform the contract we have or are trying to enter into with you (for example, we may not be able to open your account or we may have to close your account).

Personal Data from Third Party Sources 

In addition to the Personal Data that we collect directly from you (as described in the section immediately above this one), we can also collect certain of your Personal Data from third party sources. These sources are broken down in the list below, together with a description of whether they are publicly available or not. 

  • Clubs, associations and organisations, and other users of the Service

  • Social Media sites 

  • Analytics Providers 

  • Advertising technology providers 

Who we share your Personal Data with

The list below describes who we share your Personal Data with, what we share and why we share it. 

  • Football clubs

So that you and other users can use the Service's functions properly, such as gaining access to the referee pools and referee performance analysis and benefiting from the Service’s automation and notification functions and integration features for time savings as well as fixture information and management and confirmation and availability calendars and so that users can use the Service’s functions to enable communication between football clubs and referees.

  • Other users of the Service

So that you and other users can use the Service’s functions properly, such as gaining access to the referee pools and referee performance analysis and benefiting from the Service’s automation and notification functions and integration features for time savings as well as fixture information and management and confirmation and availability calendars and so that users can use the Service's functions to enable communication between its users.

  • Football Associations (including County FAs) and organisations

So that the Service can interact properly with fixtures and other information provided by the third parties, and to ensure that it complies with obligations to the Football Association relating to the sharing of personal data and so County FAs can confirm guardian relationships to children. 

  • Advertising technology providers 

Advertising technology and analytics providers collect this Personal Data via this Service and via our marketing emails so that they can make sure that you see the most relevant content based on how you interact with the Service, other pages on the internet, and our marketing emails. 

  • Our payment processors 

We engage third parties to process your payments for products and services purchased via the Service. 

  • Our Hosting Provider 

We outsource the hosting of the Service. This means that all categories of Personal Data that we process will be held and stored on the servers of our hosted service provider within the EEA. 

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets 

We may disclose Personal Data to third parties to whom we may choose to sell, transfer, or merge all or any parts of our business or our assets. If we undergo a change like this to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy. 

  • Third parties for the purposes of developing and improving the software or carrying out security checks

We may disclose Personal Data to third parties based in the UK with whom we may engage to improve our software, IT and system administration services.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

How we keep your data secure 

The data we collect from you shall be stored within the UK. Total Football has implemented a range of technical and organisational measures for protection of your personal data against loss or other forms of unlawful processing. The personal data are accessible only to those persons who need access in order to perform their work in connection with the fulfilment of our Service. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.  

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

How long we store your Personal Data 

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

After you first input your personal data into the Service, your personal data may be stored for a period of at least 7 years from such personal data being obtained.

Cookies 

You can refuse all or some cookies. If you disable or refuse cookies, please note that some parts of this Service may become inaccessible or not function properly. For more information about the cookies we use, please see refsuite.co.uk/pages/cookie-policy . 

Change of purpose  

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.  

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

Last updated on 24 February 2024. 

What does this Privacy and Security Policy Cover? 

Total Football Limited (referred to in this Privacy Policy as either “Total Football”, “Refsuite”, “Centre Circle”, “We”, “Us” or “Our”) respects your privacy and is committed to protecting your Personal Data. We want to be transparent with you about how we collect and use your Personal Data in making available the application and services (the “Service”) and providing our services. 

We want to make sure you know what happens to your Personal Data, what your rights are and how the law protects you. 

With that in mind, this Privacy Policy is designed to give you information on how we collect and process your personal data through the Service, including any data you may provide through the Service when you sign up as a user or customer.

The Privacy Policy is intended to meet our duties of Transparency. The protection of the personal data and the protection of the personal and financial information of our clients are our top priority. That is why we process your information exclusively on the basis of the applicable legislation, including the GDPR and the Data Protection Act 2018. 

Who we are and how to contact us 

Total Football Limited, a company incorporated and registered in England with company number 11906184 and whose registered office is at Ashbury Works, Gorton Road, Manchester, England, M12 5AD, is the Controller of your Personal Data. You can contact us directly with any privacy-related queries or complaints on our support email: dataprotection@centrecircleapp.com . 

Your rights relating to your Personal Data 

Under certain circumstances, by law, you have the right to:

  • Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. 

  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 

  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it, unless the processing is necessary for at least one of the following purposes: 


  • exercising the right of freedom of expression and information; 

  • for compliance with a legal obligation which requires processing by law to which Total Football and/or its processors are subject; 

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or 

  • establishing, exercising or defending legal claims. 


  • Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:  


  • if you want us to establish the data's accuracy;

  • where our use of the data is unlawful but you do not want us to erase it;

  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; and

  • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.  


  • Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. 


Children under 13 years old

If you are under 13 years of age, your legal guardian will need to provide consent on your behalf that Total Football can collect, store and share your Personal Data in accordance with this Privacy Policy. 

Changes to the Privacy Policy and your duty to inform us of changes 

We keep our Privacy Policy under regular review. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 

Third-party links 

This Service may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites or application and are not responsible for their privacy statements. When you leave our Service, we encourage you to read the Privacy Policy of every website or application you visit. 

How to exercise your rights 

If you want to exercise any of the rights described above, please contact us at dataprotection@centrecircleapp.com . Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights outlined above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may simply refuse to comply with your request in these circumstances. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). 

How long do we typically take to resolve requests? 

We try to respond to all legitimate requests within 30 business days. It may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

Complaints 

If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us:  dataprotection@centrecircleapp.com

We will reply to your complaint as soon as we can. 

If you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns (please note we can’t be responsible for the content of external websites). 

Marketing communications preferences 

You can ask us to stop sending you marketing messages at any time by: 

  • following the “Unsubscribe” links on any marketing message sent to you by Total Football or the Service; and/or 

  • contacting us at any time at support@centrecircleapp.com 


Where you opt-out of receiving these marketing messages, this opt-out will not apply to service-related communications (and any processing of your Personal Data involved in sending such communications). As a non-exhaustive list of what these service-related communications may include, they might be emails or notifications:

  • about services you subscribe to using the Service; 

  • messages that are part of the Service, such as notifying you of upcoming fixtures or changes to fixtures;

  • relating to the management of your account on the Service; 

  • concerning league, County or National Football Association operations;

  • about your use of the Service. 

  • concerning updates to this Privacy Policy or our Terms & Conditions etc. 

What Personal Data we collect 

All the Personal Data we collect, both from you and from third parties about you, is outlined below. 

The services we provide you with require the processing of your personal data by us as controller, subject to the terms and requirements for the measure for personal data protection under GDPR. 

Personal data does not include anonymous or aggregated data (i.e. information where the identity of the individual has been permanently removed). However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e. information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person). 

The types of personal data we may collect include the following:

  • Identity Data 

Your full name, your signature (when you sign for an order or to confirm collection of a return); title; date of birth; gender; FAN number; and FA registration number.

  • Contact Data 

Your home address, shipping address, billing address, postcode, email address and telephone numbers. 

  • Services Data

Information we collect through your use of the Service, including matches you are attending and have attended, quiz responses, meeting attendance and data about those matches and your performance. This is a non-exhaustive list.

  • Financial Data 

Your bank account and payment card details, including your bank account number, sort code, IBAN, BIC, and bank address. Payment card details will be collected directly by our Payment Processor and we won’t receive them. However, in certain limited cases, we may receive bank account details in the context of administering refunds. 

  • Transaction Data  

Your details about payments to and from you and other details of services you have purchased from us. 

  • Social Media Data 

The profile picture, email address and first and last name associated with your social media profile. 

  • Marketing and Communications Data 

Your preferences concerning receiving marketing from us and your communication preferences. 

  • Behavioural Data 

Inferred or assumed information relating to your behaviour and interests, based on your online activity. This is typically aggregated and grouped into “segments” 

  • Technical Data 

Internet protocol (IP) address, data about log-ins (e.g., the time when a log-in occurs), browser type and version, time zone setting and city-level location (inferred from your IP address), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Service or use our services. 

  • Profile Data  

Your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.   

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate personal data to understand and improve our Service. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. 

How your personal data is collected 

We use different methods to collect data from and about you including through: 

  • You may give us information about yourself by interacting with our Service, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: 

  • apply for the services made available on our Service; 

  • create an account on our Service; 

  • use our Service, including inputting personal data to its functionality;

  • request marketing to be sent to you; 

  • responses to quizzes or meetings;

  • enter a competition, promotion or survey; or 

  • give us feedback or contact us.  

  • As you interact with our Service, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.  Please see our cookie policy for further details. 

  • We will receive personal data about you from various third parties and public sources, such as from local or national associations, organisations including leagues, tournaments, and academies or organisations that operate matches you attend.

  • Technical data from the following parties: 

  • analytics providers;  

  • advertising networks; and 

  • search information providers. 

  • Contact, Financial and Transaction Data from providers of technical and payment services. 

  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

How we use your Personal Data and why 

We will only use your Personal Data for the purposes for which we collected it as listed below unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. 

If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so. 

What is our “legal basis” for processing your Personal Data? 

In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases: 

  • Where we need to perform a contract we are about to enter into or have entered into with you (“Contractual Necessity”). 

  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Data for is set out in the table below. 

  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”). 

We have set out below the uses we make of your personal data and the legal bases we rely on in respect of such uses. 

• To provide the Services 

This processing is necessary to perform the contract governing our provision of the Service to you, including: 

  • managing subscriptions on the Service, and providing access to the Service and its functionality;

  • passing your information to other users, football clubs, club secretaries, organisations and associations;

  • providing customer support;

  • setting up and managing your account on the Service; and

  • providing any other elements of the Service to you. 


We carry out this processing on the following legal bases: 

  • Contractual Necessity. 

  • Legitimate interests – we have a legitimate interest in processing the Personal Data for the purposes of performing the agreement we made with you and for the functioning of the Service, particularly in relation to the capture of statistics. 


  • Saying sorry 

If something goes wrong with your use of the Service, we may want to contact you to say 'sorry'. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. We have a legitimate interest in trying to maintain a good relationship with you in the event that something goes wrong with your use of the Service


  • Insights 

We record a small percentage of users’ interactions on the Service to identify issues with the user journeys to ensure the quality of service. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. It is in our legitimate interests that we are able to monitor certain user journeys to ensure that we can develop and improve the features and functionalities of our Service.


  1. Aggregated Data creation 

We may also create, use and share “Aggregated Data” (such as statistical or demographic data) for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data for the purposes of the GDPR as this data does not directly or indirectly reveal your identity. For example, we may aggregate Technical Data and Behavioural Data to calculate the percentage of users accessing a specific Service feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data that will be used in accordance with this Privacy Policy. 

We carry out this processing on the following legal basis: 

  • Legitimate Interests. We have a legitimate interest in creating Aggregated Data to use and share for our own business purposes. 


  1. Compliance, fraud prevention and safety 

We use your Personal Data as we believe it is necessary or appropriate to: 

  • enforce the terms and conditions that govern the use of the Service; 

  • protect our rights, privacy, safety or property, and/or that of you or others; 

  • protect, investigate and deter against fraudulent, harmful, unauthorised, unethical or illegal activity. 

We carry out this processing on the following legal bases: 

  • Compliance with Law – this will be the case where we have to carry out any of these processing activities in order to comply with a legal or regulatory obligation. 

  • Legitimate Interests – it is in our legitimate interests to be able to take appropriate steps to ensure that our services are legally compliant, free of fraud and safe for you, us and our businesses to use. 


  • Troubleshooting 

To track technical issues that might be occurring on our Service or relating to our services. 

We carry out this processing on the following legal bases: 

  • Legitimate Interests – it is in the legitimate interests that we are able to monitor and ensure the proper operation of our Service and associated systems and services. 


  • Security 

To keep our Service, together with associated services and systems, operational and secure. 

We carry out this processing on the following legal bases: 

  • Legitimate Interests. We have a legitimate interest in ensuring the ongoing security and proper operation of our Service, together with associated IT services and networks. This may include ensuring that we are protected from automated spamming, crawling, scraping, denial-of-service attacks and similar operations.


  • Marketing 

We use this information to prepare and send you electronic marketing communications relating to services that we think you might be interested in. 

We carry out this processing on the following legal bases: 

  • Consent – if you have subscribed to our mailing list, you have provided consent to us sending you marketing communications. You have the right to opt-out of such marketing at any time. 

  • Legitimate Interest – if you provided your email address in the course of signing up to our service or purchasing any services, we may send you marketing communications about similar services unless you have opted-out of receiving them. We do this on the basis that it is in our legitimate interests to do so. You have the right to opt-out of such marketing at any time. 

  • Legitimate Interest – we have a legitimate interest in collecting and using information about your engagement with our marketing emails (e.g., whether you open and/or forward those emails) to make sure that the offers that we inform you of are relevant to you. 

What happens if you do not provide the necessary Personal Data 

Where you fail to provide Personal Data that we need to process based on Contractual Necessity or for the purposes of Compliance with Law, we may not be able to perform the contract we have or are trying to enter into with you (for example, we may not be able to open your account or we may have to close your account).

Personal Data from Third Party Sources 

In addition to the Personal Data that we collect directly from you (as described in the section immediately above this one), we can also collect certain of your Personal Data from third party sources. These sources are broken down in the list below, together with a description of whether they are publicly available or not. 

  • Clubs, associations and organisations, and other users of the Service

  • Social Media sites 

  • Analytics Providers 

  • Advertising technology providers 

Who we share your Personal Data with

The list below describes who we share your Personal Data with, what we share and why we share it. 

  • Football clubs

So that you and other users can use the Service's functions properly, such as gaining access to the referee pools and referee performance analysis and benefiting from the Service’s automation and notification functions and integration features for time savings as well as fixture information and management and confirmation and availability calendars and so that users can use the Service’s functions to enable communication between football clubs and referees.

  • Other users of the Service

So that you and other users can use the Service’s functions properly, such as gaining access to the referee pools and referee performance analysis and benefiting from the Service’s automation and notification functions and integration features for time savings as well as fixture information and management and confirmation and availability calendars and so that users can use the Service's functions to enable communication between its users.

  • Football Associations (including County FAs) and organisations

So that the Service can interact properly with fixtures and other information provided by the third parties, and to ensure that it complies with obligations to the Football Association relating to the sharing of personal data and so County FAs can confirm guardian relationships to children. 

  • Advertising technology providers 

Advertising technology and analytics providers collect this Personal Data via this Service and via our marketing emails so that they can make sure that you see the most relevant content based on how you interact with the Service, other pages on the internet, and our marketing emails. 

  • Our payment processors 

We engage third parties to process your payments for products and services purchased via the Service. 

  • Our Hosting Provider 

We outsource the hosting of the Service. This means that all categories of Personal Data that we process will be held and stored on the servers of our hosted service provider within the EEA. 

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets 

We may disclose Personal Data to third parties to whom we may choose to sell, transfer, or merge all or any parts of our business or our assets. If we undergo a change like this to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy. 

  • Third parties for the purposes of developing and improving the software or carrying out security checks

We may disclose Personal Data to third parties based in the UK with whom we may engage to improve our software, IT and system administration services.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

How we keep your data secure 

The data we collect from you shall be stored within the UK. Total Football has implemented a range of technical and organisational measures for protection of your personal data against loss or other forms of unlawful processing. The personal data are accessible only to those persons who need access in order to perform their work in connection with the fulfilment of our Service. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.  

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

How long we store your Personal Data 

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

After you first input your personal data into the Service, your personal data may be stored for a period of at least 7 years from such personal data being obtained.

Cookies 

You can refuse all or some cookies. If you disable or refuse cookies, please note that some parts of this Service may become inaccessible or not function properly. For more information about the cookies we use, please see refsuite.co.uk/pages/cookie-policy . 

Change of purpose  

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.  

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

Home

Why We Are Free

Users

News

Book Demo

Portal

Book Demo